通過調用TSPI接口函數來訪問TPM emulator
目錄
實驗環境:
- Ubuntu14.04 LTS
- TPM emulator0.7
- trousers
- *TPM tools
- tpmmanager
參考學習
實驗步驟:
- 打開 TPM模擬器:
root@shm-Junyi-M580:/home/shm# tpmd -df
tpmd.c:523: Info: starting TPM Emulator daemon (1.2.0.7-475)
tpmd.c:102: Info: parsing options
tpmd.c:109: Debug: debug mode enabled
tpmd.c:104: Debug: handling option '-f'
tpmd.c:112: Debug: application is forced to run in foreground
tpmd.c:228: Info: installing signal handlers
tpmd.c:387: Info: staring main loop
tpmd.c:302: Info: initializing socket /var/run/tpm/tpmd_socket:0
tpmd.c:401: Debug: initializing TPM emulator
tpm_emulator_extern.c:101: Info: _tpm_extern_init()
tpm_emulator_extern.c:104: Debug: openening random device /dev/urandom
tpm_cmd_handler.c:4113: Debug: tpm_emulator_init(2, 0x00000000)
tpm_startup.c:29: Info: TPM_Init()
tpm_testing.c:243: Info: TPM_SelfTestFull()
tpm_testing.c:39: Debug: tpm_test_prng()
tpm_testing.c:69: Debug: Monobit: 10119
tpm_testing.c:70: Debug: Poker: 10.9
tpm_testing.c:71: Debug: run_1: 2529, 2504
tpm_testing.c:72: Debug: run_2: 1249, 1235
tpm_testing.c:73: Debug: run_3: 626, 644
tpm_testing.c:74: Debug: run_4: 314, 280
tpm_testing.c:75: Debug: run_5: 145, 165
tpm_testing.c:76: Debug: run_6+: 146, 180
tpm_testing.c:77: Debug: run_34: 0
tpm_testing.c:111: Debug: tpm_test_sha1()
tpm_testing.c:157: Debug: tpm_test_hmac()
tpm_testing.c:184: Debug: tpm_test_rsa_EK()
tpm_testing.c:186: Debug: tpm_rsa_generate_key()
tpm_testing.c:191: Debug: testing endorsement key
tpm_testing.c:197: Debug: tpm_rsa_sign(RSA_SSA_PKCS1_SHA1)
tpm_testing.c:200: Debug: tpm_rsa_verify(RSA_SSA_PKCS1_SHA1)
tpm_testing.c:203: Debug: tpm_rsa_sign(RSA_SSA_PKCS1_DER)
tpm_testing.c:206: Debug: tpm_rsa_verify(RSA_SSA_PKCS1_DER)
tpm_testing.c:210: Debug: tpm_rsa_encrypt(RSA_ES_PKCSV15)
tpm_testing.c:214: Debug: tpm_rsa_decrypt(RSA_ES_PKCSV15)
tpm_testing.c:218: Debug: verify plain text
tpm_testing.c:221: Debug: tpm_rsa_encrypt(RSA_ES_OAEP_SHA1)
tpm_testing.c:225: Debug: tpm_rsa_decrypt(RSA_ES_OAEP_SHA1)
tpm_testing.c:229: Debug: verify plain text
tpm_testing.c:261: Info: Self-Test succeeded
tpm_startup.c:43: Info: TPM_Startup(2)
tpmd.c:412: Debug: waiting for connections...
- 打開TSS——trousers
root@shm-Junyi-M580:/home/shm# tcsd -ef
TCSD trousers 0.3.14: TCSD up and running.
3. 查看TPM基本信息
root@shm-Junyi-M580:/home/shm# tpm_version
  TPM 1.2 Version Info:
Chip Version: 1.2.0.7
Spec Level: 2
Errata Revision: 1
TPM Vendor ID: ETHZ
TPM Version: 01010000
Manufacturer Info: 4554485a
root@shm-Junyi-M580:/home/shm#
4.打開TPMManager
root@shm-Junyi-M580:/home/shm# tpmmanager
代碼塊
pcr_test.c 文件測試代碼如下:
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <tss/tss_error.h>
#include <tss/platform.h>
#include <tss/tss_defines.h>
#include <tss/tss_typedef.h>
#include <tss/tss_structs.h>
#include <tss/tspi.h>
#include <trousers/trousers.h>
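/*
 * Print "<message> : <TSS error text>" for a TSPI return code.
 * The macro now expands its own tResult argument; previously it ignored the
 * argument and silently read a variable named `result` from the caller's
 * scope, so passing any other variable would have reported the wrong status.
 */
#define Debug(message, tResult) printf("%s : %s\n", (message), (char *)Trspi_Error_String(tResult))
void printMenu(); // prints the usage/help menu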
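/* Number of PCRs this test reads and accepts as an extend target (0-23). */
enum { PCR_TEST_PCR_COUNT = 24 };
/* Number of bytes handed to Tspi_TPM_PcrExtend (the size of a SHA-1 digest). */
enum { PCR_TEST_EXTEND_LEN = 20 };

/*
 * Print every PCR as a hex string, one register per line.
 *
 * A failed read is reported on its own line instead of being printed: the
 * original loop ignored the return code and dereferenced an uninitialised
 * pointer whenever Tspi_TPM_PcrRead did not succeed.
 */
static void dumpAllPcrs(TSS_HTPM hTPM)
{
    for (UINT32 idx = 0; idx < PCR_TEST_PCR_COUNT; idx++) {
        BYTE *value = NULL;
        UINT32 valueLen = 0;
        /* Named `result` so the Debug() macro works however it is defined. */
        TSS_RESULT result = Tspi_TPM_PcrRead(hTPM, idx, &valueLen, &value);

        printf("PCR %02u ", (unsigned)idx);
        if (result != 0 || value == NULL) { /* TSS_SUCCESS is 0 */
            Debug("<read failed>", result);
            continue;
        }
        /* Use the length the TSS reported rather than assuming 20 bytes. */
        for (UINT32 k = 0; k < valueLen; k++)
            printf("%02x", value[k]);
        printf("\n");
    }
}

/*
 * Parse a decimal PCR index in the range 0..PCR_TEST_PCR_COUNT-1.
 * Returns 0 and stores the index on success, -1 on any malformed or
 * out-of-range input. atoi() was replaced because it maps garbage such as
 * "abc" to 0, which would silently select PCR 0.
 */
static int parsePcrIndex(const char *text, int *index)
{
    char *end = NULL;
    long parsed = strtol(text, &end, 10);

    /* An overflowing value saturates to LONG_MIN/LONG_MAX and fails the range check. */
    if (end == text || *end != '\0' || parsed < 0 || parsed >= PCR_TEST_PCR_COUNT)
        return -1;
    *index = (int)parsed;
    return 0;
}

/*
 * PCR read/extend demo against the TPM reached through the local TCS daemon.
 *
 * Usage: pcr_test -p <index 0-23> [-v <value>]
 * Prints all PCRs, extends the selected PCR with 20 bytes, prints all PCRs
 * again. Returns 0 when the help menu was shown or the extend succeeded,
 * non-zero when the TSS context could not be set up or the extend failed.
 */
int main(int argc, char **argv)
{
    TSS_HCONTEXT hContext = 0; // TSS context handle
    TSS_HTPM hTPM = 0;
    TSS_RESULT result;
    TSS_HKEY hSRK = 0;
    TSS_HPOLICY hSRKPolicy = 0;
    TSS_UUID SRK_UUID = TSS_UUID_SRK;
    BYTE wks[20];
    BYTE *rgbPcrValue = NULL;
    UINT32 ulPcrLen = 0;
    BYTE valueToExtend[PCR_TEST_EXTEND_LEN];
    int pcrToExtend = 0;
    int exitCode = 1;

    memset(wks, 0, sizeof wks);
    memset(valueToExtend, 0, sizeof valueToExtend);

    printf("|***********PCR_TEST START:***************|\n");

    // Pick the TPM to talk to; NULL selects the local system TPM.
    result = Tspi_Context_Create(&hContext);
    Debug(" 1-Create Context", result);
    if (result != 0) /* TSS_SUCCESS is 0 */
        return exitCode; // no context exists yet, nothing to release

    result = Tspi_Context_Connect(hContext, NULL);
    Debug(" 2-Context Connect", result);
    if (result != 0)
        goto out;

    // Get the TPM object handle; every PCR call below needs it.
    result = Tspi_Context_GetTpmObject(hContext, &hTPM);
    Debug(" 3-Get TPM Handle", result);
    if (result != 0)
        goto out;

    // Load the SRK handle. The SRK steps are reported but not treated as
    // fatal: nothing below passes hSRK to the PCR calls.
    result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, SRK_UUID, &hSRK);
    Debug(" 4-Get the SRK handle", result);

    // Get the SRK usage policy.
    result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSRKPolicy);
    Debug(" 5-Get the SRK Policy", result);

    // Set the SRK policy to the 20 zero bytes in wks (the "well-known
    // secret"). This offers no protection and only suits a lab emulator.
    result = Tspi_Policy_SetSecret(hSRKPolicy, TSS_SECRET_MODE_SHA1, sizeof wks, wks);
    if (result != 0)
        Debug(" 6-Set the SRK secret", result);

    // Dump all PCR values before the extend.
    printf("+++++++++輸出所有PCR寄存器內的值:+++++++++\n");
    dumpAllPcrs(hTPM);

    // Echo the command-line arguments.
    printf("\n ========Command line arguments:========\n");
    for (int a = 0; a < argc; a++)
        printf("argv[%d]: %s\n", a, argv[a]);

    // Validate the arguments strictly. The original extended PCR 0 whenever
    // argv[1] was not "-p", and extended 20 zero bytes when argv[3] was not
    // "-v"; an extend cannot be undone by extending again, so anything
    // unexpected shows the menu instead.
    if ((argc != 3 && argc != 5) ||
        strcmp(argv[1], "-p") != 0 ||
        parsePcrIndex(argv[2], &pcrToExtend) != 0 ||
        (argc == 5 && strcmp(argv[3], "-v") != 0)) {
        printMenu();
        exitCode = 0;
        goto out;
    }

    if (argc == 5) {
        // Bound the copy by the destination size: the original copied
        // strlen(argv[4]) bytes into a fixed stack buffer, so a long -v
        // argument overflowed it.
        size_t len = strlen(argv[4]);
        if (len > sizeof valueToExtend) {
            fprintf(stderr, "note: -v value is longer than %d bytes; only the first %d bytes are extended\n",
                    (int)PCR_TEST_EXTEND_LEN, (int)PCR_TEST_EXTEND_LEN);
            len = sizeof valueToExtend;
        }
        memcpy(valueToExtend, argv[4], len);
    } else {
        // No -v given: use the default value.
        memcpy(valueToExtend, "ABCDEFGHIJKLMNOPQRST", sizeof valueToExtend);
    }

    // Extend the selected PCR. The 20 bytes are the raw argument padded with
    // zeros, not a hash of it; a real measurement would extend a digest of
    // the measured data.
    // NOTE(review): with a NULL event no event-log entry is expected to be
    // recorded, so a verifier could not replay this extend - confirm against
    // the TSS specification.
    result = Tspi_TPM_PcrExtend(hTPM, (UINT32)pcrToExtend, sizeof valueToExtend,
                                valueToExtend, NULL, &ulPcrLen, &rgbPcrValue);
    Debug("*********Extend the PCR**********", result);
    exitCode = (result == 0) ? 0 : 1;

    // Dump all PCR values after the extend.
    printf("+++++++++輸出擴展操作後PCR寄存器的值:+++++++++\n");
    dumpAllPcrs(hTPM);

    printf("####清理上下文對象####\n");
out:
    // Release the TSS memory tied to the context and close it on every exit
    // path (the original leaked the context when it printed the menu).
    Tspi_Context_FreeMemory(hContext, NULL);
    Tspi_Context_Close(hContext);
    return exitCode;
}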
/*
 * Write the usage help for the PCR-extend test to stdout, followed by the
 * end-of-test banner. Takes no input and returns nothing.
 */
void printMenu()
{
    /* One entry per output line; none contains a '%' conversion. */
    static const char *const helpLines[] = {
        "\n*改變PCRn值的幫助菜單:*\n",
        "| -p PCR regiter to extend(0-23)\n",
        "| -v Value to be extended into PCR(abc...)\n",
        "| Note: -v argument is optional and a default value will be used if no value is provided\n",
        "| Example: ChangePCRn -p 10 -v abcdef\n",
        "-***********PCR_TEST END:***************-\n",
    };
    const size_t lineCount = sizeof helpLines / sizeof helpLines[0];

    for (size_t k = 0; k < lineCount; k++)
        fputs(helpLines[k], stdout);
}
編譯並運行
編譯時,注意後面的參數 -ltspi:
/test-pcr# gcc pcr_test.c -o pcr_test -ltspi
運行效果:
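(注:因爲之前已經通過傳入參數對 PCR[0] 和 PCR[10] 做過擴展操作,所以它們的顯示結果不是全 0。
執行時可以在後面跟參數,對指定的 PCR 做擴展,例如:
/test-pcr# ./pcr_test -p 16 -v 123 //對 PCR16 做擴展操作,擴展的值爲 123。注意擴展不是把 PCR 直接改寫成 123:TPM 1.2 會把新值計算爲 SHA-1(舊 PCR 值 || 傳入的 20 字節數據),而本程序會把 "123" 用 0 補齊到 20 字節後再傳入)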
root@shm-Junyi-M580:/home/shm/TPM/test-tpm/test-pcr# ./pcr_test
|***********PCR_TEST START:***************|
1-Create Context : Success
2-Context Connect : Success
3-Get TPM Handle : Success
4-Get the SRK handle : Success
5-Get the SRK Policy : Success
+++++++++輸出所有PCR寄存器內的值:+++++++++
PCR 00 f86ce8ad33b4f0a9cab79849bf9c1d2bcaa3d8b3
PCR 01 0000000000000000000000000000000000000000
PCR 02 0000000000000000000000000000000000000000
PCR 03 0000000000000000000000000000000000000000
PCR 04 0000000000000000000000000000000000000000
PCR 05 0000000000000000000000000000000000000000
PCR 06 0000000000000000000000000000000000000000
PCR 07 0000000000000000000000000000000000000000
PCR 08 0000000000000000000000000000000000000000
PCR 09 0000000000000000000000000000000000000000
PCR 10 d8c9e7c6e026fe6259f3cd4445949561d5692668
PCR 11 0000000000000000000000000000000000000000
PCR 12 0000000000000000000000000000000000000000
PCR 13 0000000000000000000000000000000000000000
PCR 14 0000000000000000000000000000000000000000
PCR 15 0000000000000000000000000000000000000000
PCR 16 ffffffffffffffffffffffffffffffffffffffff
PCR 17 ffffffffffffffffffffffffffffffffffffffff
PCR 18 ffffffffffffffffffffffffffffffffffffffff
PCR 19 ffffffffffffffffffffffffffffffffffffffff
PCR 20 ffffffffffffffffffffffffffffffffffffffff
PCR 21 ffffffffffffffffffffffffffffffffffffffff
PCR 22 ffffffffffffffffffffffffffffffffffffffff
PCR 23 ffffffffffffffffffffffffffffffffffffffff
========Command line arguments:========
argv[0]: ./pcr_test
*改變PCRn值的幫助菜單:*
| -p PCR regiter to extend(0-23)
| -v Value to be extended into PCR(abc...)
| Note: -v argument is optional and a default value will be used if no value is provided
| Example: ChangePCRn -p 10 -v abcdef
-***********PCR_TEST END:***************-
root@shm-Junyi-M580:/home/shm/TPM/test-tpm/test-pcr#